Assistant Commissioner for Patents
PRELIMINARY AMENDMENT



Dear Sir: 



Prior to examination of the subject application and calculation of the filing 
fees therefor, please amend the claims as follows: 
IN THE CLAIMS:

Please amend Claims 3-9, 13-16, 19-25 and 29-32 as follows:

Claim 3, line 1, delete "or 2" after the numeral 1;

Claim 4, line 1, delete "or 2" after the numeral 1;

Claim 5, line 1, delete "any one of the preceding claims" and insert --claim 1--
therefor;

Claim 6, line 2, delete "etc";

Claim 7, line 1, delete "any one of the preceding claims" and insert --claim 1--
therefor;

Claim 8, line 1, delete "any one of the preceding claims" and insert --claim 1--
therefor;

Claim 9, line 1, delete "any one of the preceding claims" and insert --claim 1--
therefor;

Claim 13, line 1, delete "any one of claims 1 to 10" and insert --claim 1-- therefor;

Claim 14, line 1, delete "any one of claims 1 to 10" and insert --claim 1-- therefor;

Claim 15, line 1, delete "any one of claims 1 to 10" and insert --claim 1-- therefor;

Claim 16, line 1, delete "any one of claims 1 to 10" and insert --claim 1-- therefor;

Claim 19, line 1, delete "or 18" after the numeral 17;

Claim 20, line 1, delete "or 18" after the numeral 17;

Claim 21, line 1, delete "any one of claims 17 to 20" and insert --claim 17--
therefor;

Claim 22, line 2, delete "etc";

Claim 23, line 1, delete "any one of claims 17 to 22" and insert --claim 17--
therefor;

Claim 24, line 1, delete "any one of claims 17 to 23" and insert --claim 17--
therefor;

Claim 25, line 1, delete "any one of claims 17 to 24" and insert --claim 17--
therefor;

Claim 29, line 1, delete "any one of claims 17 to 26" and insert --claim 17--
therefor;

Claim 30, line 1, delete "any one of claims 17 to 26" and insert --claim 17--
therefor;

Claim 31, line 1, delete "any one of claims 17 to 26" and insert --claim 17--
therefor;

Claim 32, line 1, delete "any one of claims 17 to 26" and insert --claim 17--
therefor;



Please cancel Claims 33 and 34 without prejudice. 



REMARKS 



The subject application claims priority under 35 U.S.C. § 119 to Malaysian Patent
Application No. PI 9800664 filed February 17, 1998. 

Claims 3-9, 13-16, 19-25 and 29-32 have been amended and Claims 33-34 have 
been canceled without prejudice. The amendments have been made to place the claims in 
proper condition for examination. No new matter has been added to the subject 
application. 

Early and favorable consideration of the subject application is respectfully
requested.



February 16, 1999 



.^Stott DTm^J 
Reg. No. 35,417 
Attorneys for Applicants 
CUMMINGS & LOCKWOOD 
Four Stamford Plaza 
P.O. Box 120 
Stamford, CT 06904 
Telephone: (203)351-4289 



Respectful 
IMPROVEMENTS IN CODE BASED ACCESS SYSTEMS
The present invention relates to improvements in code based access systems. 

Systems in which transactions or connections between two or more parts or
stations of the system are conducted or established by means of an access code
are known. Such systems include computer terminals wherein the access code is
a password, bank terminals such as ATM machines wherein the access code is a
personal identification number (PIN) and communications terminals such as
mobile telephones wherein the access code is an electronic serial number (ESN).
Typically the access code is provided by a user to an accessing part or station of
the system and is verified against a duplicate version of the access code
available to an accessed part or station of the system, before an authority to
perform the transaction or to establish the connection between the stations or
parts is given.

A disadvantage of such systems is that the security of future transactions or 
connections becomes seriously compromised if the access code is detected by or 
otherwise becomes known to unauthorised persons ie. persons other than the 
person or persons authorized to perform the transaction or establish the 
connection. 

An object of the present invention is to provide a code based access system 
which alleviates the disadvantages of the prior art or at least provides the public 
with a choice. 

To this end the present invention provides a system including at least two parts or
stations wherein a transaction or connection between any two or more of said
parts or stations is conducted or established by means of an access code, said
access code being available to an accessed part or station and requiring an
identical access code to be provided to an accessing part or station at the time of
conducting the transaction or establishing the connection, wherein said access
code is one of a plurality of codes provided to said accessed part or station and
available to said accessing part or station, said access code being selected from
said plurality of codes at the time of conducting the transaction or establishing the
connection such that no two transactions are conducted or no two connections
are established with the same access code.

Once an access code has been used to conduct a transaction or establish a
connection between the two parts or stations it may be deleted from the system
or otherwise disabled. This may avoid the risk that the access code will be
reused by the system.

The plurality of access codes may be generated in any suitable manner and by
any suitable means. The means for generating the access code preferably is
capable of generating non-repeating sequences of characters or numbers. In one
form the plurality of codes may be generated via a pseudo random generator. In
another form the plurality of codes may be generated via a custom designed
software program. The basis for the software program should be randomness
and free combination. In one form the software program may be a spreadsheet
type program wherein a regular grid or pattern of characters or numbers can be
mixed in a controlled manner to produce non-repeating sequences of characters
and/or numbers.

The characters/numbers may include arabic numerals, Roman numerals, letters
of the alphabet, morse codes etc. in any order or combination. Preferably the
access codes are generated independently of or external to the system. Such an
approach may enhance security of the overall system by reducing risks
associated with systems in which variable codes are generated internally.

The system of the present invention may include first code storage means
associated with the accessing part or station of the system, such as an ATM
terminal, personal computer, mobile telephone or the like. The first code storage
means is adapted for storing one copy of the plurality of codes. The system may
include second code storage means associated with the accessed part or station
of the system, such as a bank or other service computer system or telephone
exchange. The second code storage means is adapted for storing a second copy
of the plurality of codes identical to the one copy stored in the first storage means.

The first storage means may be incorporated into or with a transaction card such
as an ATM card, a computer diskette, a smart card or integrated circuit microchip
or the like. The first storage means may include a passive carrier such as a
magnetic strip or the like or it may include an active carrier such as the integrated
circuit microchip. Because a bank terminal system, computer service provider or
telephone exchange typically will have a large number of users, the second
storage means may be adapted to store a separate plurality of codes for each
user. Each plurality of codes may be stored in the second storage means under
a separate address. The address may be identified with a unique identity number
assigned to each respective user. The identity number may be that user's
account number or it may be a different number associated with that user.

It is highly desirable that the last used code be removed or otherwise disabled
from the second code storage means at least, as this will minimize the risk that
the same code will be reused in a subsequent transaction. This task may be
performed by the bank or other service computer system. The last used code
may also be erased or otherwise disabled from the first code storage means.
This latter task may be performed in any suitable manner and by any suitable
means. In one form this may be carried out by application of heat or mechanical
marking not unlike the manner in which a telephone card is disabled according to
its level of use.

When a user with an ATM card having a particular identity number, say 9876, 
approaches an ATM terminal to make a transaction, the following sequence of 
events may take place: 

(i) The bank computer system requests an unused code from the plurality of
codes stored by the first code storage means, eg. the ATM transaction
card. The unused code will typically be the next unused code of the
plurality of codes, but the plurality of codes may be used in any
predetermined sequence;

(ii) The bank computer requests the next unused code of the plurality of codes
stored by the second code storage means under an address for the ATM
card having identity number 9876;

(iii) Upon receipt of the respective codes from the first and second code
storage means the bank computer compares the codes looking for a
perfect match;

(iv) A perfect match between the two codes is interpreted as a successful
verification of the identity of the user's transaction card, and card number
9876 is granted permission to proceed with the transaction;

(v) A mismatch between the two codes is interpreted as an unsuccessful
verification of the identity of the user's transaction card and card number
9876 is denied permission to proceed with the transaction.

The present invention also provides a method of conducting a transaction or
establishing a connection between at least two parts or stations by means of an
access code, said access code being available to an accessed part or station at
the time of conducting the transaction or establishing the connection and
requiring an identical access code to be provided to an accessing part or station,
said method including the steps of:

making available a plurality of codes to said accessed and said accessing
parts or stations;

selecting, at the time of conducting the transaction or establishing the
connection, one code from said plurality of codes; and

using said selected code to conduct the transaction or establish the
connection such that no two transactions are conducted or no two connections
are established with the same access code.

The access code system of the present invention may be used in place of an
existing or conventional access code system or systems or it may be used in
addition to an existing or conventional access code system or systems to upgrade
the security of the latter. The improved system provided by the present invention
may be incorporated into a newly designed code based access system or it may
be provided by modifying an existing system. To distinguish access codes
according to the present invention from prior art codes they will hereinafter be
referred to as "secondary" codes.

The system of the present invention may be used to enhance security of a door 
opening apparatus, in particular door opening apparatus which makes use of an 
electronic key for accessing secure areas such as safes, strong rooms, high 
security areas or the like. In the latter embodiment a set of secondary security 
codes according to the present invention may be loaded to a first code storage 
means associated with the accessed part of the system. The accessed part may 
be a user inaccessible part of the door opening apparatus. The first code storage 
means may include an integrated circuit microchip, magnetic strip, smart card, 
computer diskette or the like. An identical set of codes may be made available to 
the accessing part of the system. The accessing part may be a user accessible 
part of the door opening apparatus. The accessing part may include an electronic 
key. The electronic key may include a second code storage means for storing an 
identical set of security codes. The second code storage means may include a 
magnetic strip, smart card, integrated circuit microchip, computer diskette or the
like. 

Preferred embodiments of the present invention will now be described with
reference to the accompanying drawings wherein:

Fig. 1 shows a diagrammatic representation of one form of application of the
present invention to bank terminals;

Figs. 2A, 2B and 2C show front, rear and cross-sectional views respectively of a
dummy ATM card;

Figs. 3A, 3B and 3C show empty, loaded and cross-sectional views respectively
of a carrier strip transfer apparatus;

Fig. 4 shows a cross-sectional view of an ATM card with carrier strip installed;

Fig. 5 shows a diagrammatic representation of one form of application of the
present invention to a mainframe computer system;

Fig. 6 shows a diagrammatic representation of one form of application of the
present invention to a mobile transceiver; and

Fig. 7 shows a diagrammatic representation of one form of application of the
present invention to a door opening apparatus.

Referring to Fig. 1, there is shown an ATM access card 10 which serves as a
carrier for secondary codes according to the present invention. In addition to the
known magnetic strip (not shown) which carries the account number of the Client,
ATM card 10 includes a carrier strip 11 in which are stored secondary codes
according to the present invention. Prior to using ATM card 10 at an ATM
terminal 12, ATM card 10 is inserted into a dedicated disc drive of a Personal
Computer (PC) 13. PC 13 is programmed to generate a non-repeating set of 100
secondary codes 14 and to write the set of codes 14 into carrier strip 11. An
identical set of 100 codes is sent to data storage module 15 associated with the
bank's main computer system 16. The set of codes 14 may optionally be sent to
code replacement module 17 where they may be held temporarily pending
transfer to storage module 15. After the set of codes have been written into
carrier strip 11 and storage module 15 or code replacement module 17, PC 13 is
programmed to delete the code set from its memory. This enhances security of
the system by ensuring that no additional copies of the code set remain in
existence.

ATM card 10 which carries identification serial number 9876 may then be inserted
into a (modified) card slot associated with ATM terminal 12. The holder of ATM
card 10 may key in his PIN number to commence a transaction and this may
continue to provide a primary level of security as is known in the art. To provide a
secondary level of security according to the present invention, main computer 16
sends a request A to ATM terminal 12 for the first unused code (ABCDEF) from
the set 14 of 100 codes written into carrier strip 11 associated with ATM card 10.
Main computer 16 also sends a request B for the first unused code from the
identical set of 100 codes stored in data storage module 15 under an address for
the ATM card carrying identification serial number 9876.

ATM terminal 12 sends reply C to computer 16 including the first unused code
(ABCDEF) from carrier strip 11 and data storage module 15 sends reply D
including the first unused code stored under the address corresponding to ATM
card bearing serial number 9876. When computer 16 identifies a match between
the codes included in replies C and D, it interprets this as a successful verification
of the identity of ATM card 10 bearing serial number 9876 and grants permission
E to ATM terminal 12 to proceed with the transaction.

When computer 16 identifies a mismatch between the codes included in replies C
and D, it interprets this as an unsuccessful verification of the identity of ATM card
10 bearing serial number 9876 and denies permission to ATM terminal 12 to
proceed with the transaction. A mismatch between the codes included in replies
C and D indicates that an unauthorized penetration of the banking system may
have taken place. Instead of barring further transactions in the event of a
mismatch between the codes included in replies C and D, computer 16 may be
programmed to request another code set each from ATM terminal 12 and data
storage module 15. Preferably computer 16 is programmed to request three
further code sets each from ATM terminal 12 and data storage module 15. If
three consecutive code sets do not match, computer 16 may reasonably assume
that the banking system has been penetrated by unauthorized elements and may
bar further transactions of the account via the ATM card. Even if two out of three
codes match computer 16 may still bar the transaction. Computer 16 may
continue to request codes for verification until it has three consecutive matches,
and may then return ATM card 10 to the user but not issue cash.

Computer 16 may advise the user via the screen associated with ATM terminal 12
to contact the local branch of his bank and seek assistance eg. to have his
account number and/or code sets changed. The detected instance of potential
breach of ATM card security may be recorded and communicated to the user
immediately via telephone/fax/mail and/or the next authorized transaction made
by the user.

When the holder of the ATM card commences a subsequent transaction,
computer 16 sends a request to ATM terminal 12 for the second unused code
(1234567). This process continues until all 100 secondary codes have been used
up one at a time. When all 100 code sets have been used up the user will be
advised via ATM terminal 12 to contact his bank to have the defunct carrier strip
11 replenished with a fresh set of 100 codes. Carrier strip 11 may be replenished
by rewriting. Alternatively, if the technique used for disabling/deleting used codes
has harmed the integrity of carrier strip 11, carrier strip 11 may be removed from
the ATM card and replaced with a fresh carrier strip. The fresh carrier strip may
be supplied to the bank branch from a central location already written with a new
set of 100 codes. The fresh carrier strip may be supplied attached to a blank or
dummy card to facilitate handling, programming and transfer of the carrier strip to
a customer's ATM card.
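
The ATM verification sequence described above (requests A and B, replies C and D, one code per transaction, follow-up requests after a mismatch, exhaustion of the 100-code set), as an added Python example that is not part of the patent text. The class and function names, the code alphabet and length, the `secrets` generator used in place of the page's pseudo random generator, and the fail-closed handling when a side runs out of codes during follow-up checks are assumptions.

```python
import hmac
import secrets
from enum import Enum

CODES_PER_SET = 100                              # set size in the ATM embodiment
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"    # assumed code alphabet


class Outcome(Enum):
    GRANTED = "granted"
    CARD_RETURNED_NO_CASH = "card returned, no cash"
    ACCOUNT_BARRED = "account barred"
    SET_EXHAUSTED = "code set exhausted"


def generate_code_set(n=CODES_PER_SET, length=8):
    """Return n distinct random codes, generated outside the verifier."""
    codes = set()
    while len(codes) < n:
        codes.add("".join(secrets.choice(ALPHABET) for _ in range(length)))
    return list(codes)


class CodeStore:
    """Ordered code list with a next-unused pointer (carrier strip or module record)."""

    def __init__(self, codes):
        self._codes = list(codes)
        self._next = 0

    def take_next(self):
        """Return the next unused code and disable it; None when exhausted."""
        if self._next >= len(self._codes):
            return None
        code, self._codes[self._next] = self._codes[self._next], None
        self._next += 1
        return code


class Verifier:
    """Plays main computer 16, with storage module 15 keyed by identity number."""

    def __init__(self):
        self._module = {}
        self._barred = set()

    def enrol(self, identity, codes):
        self._module[identity] = CodeStore(codes)

    def _compare_next(self, identity, carrier):
        reply_c = carrier.take_next()                   # request A / reply C
        reply_d = self._module[identity].take_next()    # request B / reply D
        if reply_c is None or reply_d is None:
            return None
        return hmac.compare_digest(reply_c.encode(), reply_d.encode())

    def transact(self, identity, carrier):
        if identity in self._barred:
            return Outcome.ACCOUNT_BARRED
        first = self._compare_next(identity, carrier)
        if first is None:
            return Outcome.SET_EXHAUSTED
        if first:
            return Outcome.GRANTED
        # Mismatch: keep requesting codes until three in a row agree or disagree.
        matches = mismatches = 0
        while True:
            result = self._compare_next(identity, carrier)
            if result:
                matches, mismatches = matches + 1, 0
                if matches == 3:
                    return Outcome.CARD_RETURNED_NO_CASH
            else:  # mismatch, or a side ran out of codes (assumed: fail closed)
                mismatches, matches = mismatches + 1, 0
                if result is None or mismatches == 3:
                    self._barred.add(identity)
                    return Outcome.ACCOUNT_BARRED


def scenario_normal():
    """100 transactions succeed, the 101st finds the set used up."""
    codes = generate_code_set()
    bank, card = Verifier(), CodeStore(codes)
    bank.enrol("9876", codes)
    return [bank.transact("9876", card) for _ in range(CODES_PER_SET + 1)]


def scenario_read_error():
    """Constructed case: the first code on the carrier is unreadable."""
    codes = generate_code_set()
    bank = Verifier()
    bank.enrol("9876", codes)
    card = CodeStore(["?" * 8] + codes[1:])
    return [bank.transact("9876", card), bank.transact("9876", card)]


def scenario_desynchronised_carrier():
    """Constructed case: a code was consumed at the bank but not on this carrier."""
    codes = generate_code_set()
    bank = Verifier()
    bank.enrol("9876", codes)
    other_copy, card = CodeStore(codes), CodeStore(codes)
    used_elsewhere = bank.transact("9876", other_copy)
    return [used_elsewhere, bank.transact("9876", card), bank.transact("9876", card)]


if __name__ == "__main__":
    for fn in (scenario_normal, scenario_read_error, scenario_desynchronised_carrier):
        print(fn.__name__, [o.value for o in fn()][-3:])
```

The desynchronised case shows the detection property the text relies on: once the bank's pointer has moved past the carrier's, every later comparison disagrees and the account is barred.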


Referring to Figs. 2A-C there is shown a dummy card 20 formed from 0.4 mm
thick plastics. This is about half the thickness of an ATM card. Fresh carrier strip
21 is attached to the front of dummy card 20 via a layer of adhesive 22. As
shown in Fig. 2B, dummy card 20 is perforated at edges 23 adjacent the
perimeter of carrier strip 21 and carrier strip 21 is arranged to break away from
the main body of dummy card 20. A local layer of adhesive 24 overlaying carrier
strip 21 is applied to the back of dummy card 20 as shown in Figs. 2B and 2C.
Adhesive layer 24 is protected by a removable non-stick plastics cover 25.

Fresh carrier strip 21 may be transferred to a customer's existing ATM card via an
apparatus as shown in Figs. 3A to 3C. Referring to Fig. 3A, the apparatus 
includes hinged upper and lower panels 26, 27. Upper panel 26 includes a 
recess 28 for receiving an ATM card. The ATM card includes a recess 10A for 
receiving carrier strip 21 (refer Fig. 4). Lower panel 27 includes a recess 29 for 
receiving the dummy card 20. Lower panel 27 also includes an embossing bar 30 
positioned so that it coincides with carrier strip 21 when dummy card 20 is 
received in recess 29. 

Embossing bar 30 is positioned so that it also coincides with recess 10A in the 
ATM card when the latter is received in recess 28 and upper and lower panels 26 
and 27 are closed against each other. Referring to Fig. 3B, embossing bar 30 in 
its rest position is below the level of the non-recessed face of lower panel 27 by 
the thickness of dummy card 20. Embossing bar 30 rests on see-saw brackets
31, 32. See-saw brackets 31, 32 are mounted for pivotal movement about
respective pivot points 33, 34. The inner ends 35, 36 of brackets 31, 32 abut
embossing bar 30. The outer ends 37, 38 of brackets 31, 32 project beyond the
face of lower panel 27 such that when upper and lower panels 26 and 27 are 
closed against each other, brackets 31, 32 pivot, lifting embossing bar 30 
approximately 0.5 mm above its rest position. 

In operation an ATM card 10 devoid of its carrier strip is received in recess 28 and
dummy card 20 with carrier strip 21 intact is received in recess 29 as shown in
Fig. 3C. To effect transfer of carrier strip 21 from dummy card 20 to ATM card 10,
cover 25 is peeled away from adhesive layer 24 and upper panel 26 is closed
firmly against lower panel 27 of the apparatus. This causes embossing bar 29 to
lift to a position about level with the non-recessed face of panel 27, breaking
perforated edges 23 and causing carrier strip 21 to lodge into recess 10A in ATM
card 10 (refer Fig. 4). Upon opening of the apparatus, transfer of carrier strip 21
from dummy card 20 to the customer's ATM card 10 should be complete.

Transfer of carrier strip 21 from dummy card 20 to the customer's ATM card 10
may also be performed manually. This may be done by firstly removing the cover
25 from adhesive layer 24 and placing dummy card 20 on top of ATM card 10,
both in an upright and face up position. The two cards may be held firmly
together eg. by means of adhesive tape applied to the tops and sides of the
cards. The two cards should then be placed on a hard surface such as the edge
of a table and an embossing bar approximately equal in dimensions to carrier
strip 21 (78 mm x 4 mm) placed on the top of carrier strip 21. The embossing bar
should then be pressed down firmly with both thumbs. The thumbs may be slid
along the length of the embossing bar until carrier strip 21 breaks away from
dummy card 20 along its perforated edges 23 and is pushed into recess 10A in
ATM card 10. The adhesive tapes may then be removed and transfer of carrier
strip 21 to ATM card 10 should be complete.

Each bank branch may hold a large number of dummy cards with attached
replacement carrier strips. To maintain security of the allocation process the
customer may select at random a replacement carrier strip from a batch of say
1000 replacement strips. When the customer selects his carrier strip it is affixed
to his ATM card and the central bank computer is notified of the choice. The
central bank computer then associates its second copy of the set of codes
identical to the chosen replacement strip with the customer's account or other
identification number.

The system shown in Fig. 5 protects a mainframe computer system 40 from
hacking by way of external links to the computer system 40. Security is typically
provided in this context by way of a common password for all authorized users of
computer system 40 and optionally another password for individual users. The
passwords are usually changed once a week. This allows a hacker who gains
access to the password or passwords to commit repeated break-ins over the
period of currency of the password(s) and to gain access to confidential
information and corrupt the system with unauthorized data or a virus.

The present invention allows operators of computer systems to substantially limit 
risk of random break-ins and to avoid repeated break-in activities. 

Referring to Fig. 5 there is shown a personal computer (PC) 41 connected to
computer system 40 via connection 42 such as the internet and a verification
module 43. Before access to computer system 40 can be granted verification
module 43 must receive a valid code(s) from PC 41. The valid code(s) may
include the usual password or passwords and includes a secondary code
according to the present invention. A set of secondary codes 44a may be stored
on an authorization diskette 44 which serves as a carrier for the secondary codes.
Diskette 44 is adapted to store 100 sets of secondary codes. The set of
secondary codes 44a is loaded to diskette 44 via PC 45 belonging to or being
under the control of the owner or operator of computer system 40.

Once it is loaded with the secondary codes 44a diskette 44 is supplied via a
secure route to the authorized user of computer system 40. The authorized user
is obliged to store diskette 44 in a secure and preferably locked or otherwise
restricted location. Diskette 44 will typically be available for use with a designated
PC/terminal ie. a terminal having a specific E-mail address, unless a roaming
authority has been granted.

Diskette 44 should only need to be sent to new clients or first time users
(including replacements for lost, barred and malfunctioning disks) because
subsequent replacement codes (ie. after a current set of 100 codes has been
used up) can be sent to the user's PC 41 via connection 42 after it has been
verified. A set of 100 secondary codes identical to the set loaded to diskette 44 is
sent from PC45 to storage module 46 associated with verification module 43.
The set of codes may optionally be sent to code replacement module 47 where
they may be held temporarily pending transfer to storage module 46.

When a user requests access to computer system 40 and (optionally) keys in his
passwords into PC41, verification module 43 sends a request to PC41 via
connection 42 for the first unused code from the list of 100 codes stored on
diskette 44. Module 43 also sends a request A for the first unused code from the
identical set of 100 codes stored in storage module 46 under an address specific
to PC41. PC41 sends a reply to verification module 43 including the first unused
code stored on diskette 44, and storage module 46 sends reply B to verification
module 43 including the first unused code stored under the address which
corresponds to PC41. When verification module 43 identifies a match between
the codes received from PC 41 and storage module 46 it interprets this as a
successful verification of the identity of PC41 and grants access to PC41 to
connect to computer system 40.

Even if the first set of codes is not immediately deleted after use for any reason,
the verification software should be programmed so that it avoids reusing a
previously used code. When the user next requests access to computer system
40, verification module 43 sends a request for the second unused code. This
process continues until all 100 secondary codes have been used up one at a
time. Diskette 44 will then be defunct as it has no more verification codes
available and must be replenished or replaced.

In one form a code replacement program may be activated upon positive
verification of an access using the last or 100th code. Upon detecting a
verification which utilizes the 100th code, code replacement module 47 is
activated to choose at random a new group of 100 secondary codes stored in
module 47 and to download this to diskette 44 via line 48, module 43, line 42, and
PC41. During this process an image appears on the screen of PC41 warning the
user not to remove diskette 44 from PC41. Module 47 also loads an identical set
of codes to storage module 46. The verification software may then assign via line
49 the identity of PC41, such as its E-mail address, to the set of codes just loaded
to storage module 46. Code replacement module 47 may hold a large stock of
unused code sets (eg. 1000) ready to be downloaded upon receiving a request
from verification module 43.

When verification module 43 identifies a mismatch between the codes received 
from PC41 and module 46 it interprets this as an unsuccessful verification of the 
identity of PC41 and denies further access to PC41 to connect to computer 
system 40. A mismatch between the codes received from PC41 and module 46 
indicates that an unauthorized penetration of the computer system may have 
taken place. The user is advised of this status and of the need for increased 
security/access to PC41 to prevent further unauthorized activities and/or the need 
to change passwords, diskette 44 etc. 

Instead of barring further access in the event of a mismatch between the codes, 
module 43 may be programmed to request another code set each from PC41 and 
data storage module 46. Preferably module 43 is programmed to request a 
further three code sets each from PC41 and data storage module 46. If three 
consecutive code sets do not match, module 43 may reasonably assume that the 
computer system has been penetrated by unauthorized elements and may bar 
further access to PC41. Even if two out of three codes match module 43 may still 
bar access. Module 43 may continue to request codes for verification until it has
three consecutive matches, and only then may grant access to PC41. 

The system shown in Fig. 6 protects a mobile transceiver such as a cellular 
telephone from unauthorized use. Security is typically provided in this context by 
means of an electronic serial number (ESN) which establishes the identity and 
authenticity of an incoming call placed through a host transceiver. During the 
process of registration and activation of a new cellular telephone, matching sets 
of ESNs are respectively placed in the mobile transceiver and in the data bank of 
a main telephone exchange. 
When a call is placed through the mobile transceiver the transceiver transmits its
ESN followed by the telephone number of a recipient transceiver. The
transmitted signal is relayed via a receiving dish to the data bank of the telephone
exchange. The ESN of the mobile transceiver is then compared to the matching
ESN in the databank. When a match is established, the call is recognized by the
telephone exchange as genuine and is authorized passage to the next stage
(where no match is established between the transceiver ESN and the data bank
ESN, the call is rejected and refused passage through the main exchange). The
telephone number of the recipient transceiver is then sent by the telephone
exchange to a transmitting tower for transmission to the recipient transceiver.

Referring to Fig. 6, there is shown a host transceiver 50 linked to a recipient 
transceiver 51 (not shown) via telephone exchange 52 and respective transceiver 
stations 53, 54. Before access to recipient transceiver 51 can be granted, 
telephone exchange 52 must receive a valid code(s) from host transceiver 50. 
The valid code(s) may include a conventional ESN and includes a secondary 
code according to the present invention. A set of secondary codes may be stored 
in an integrated circuit microchip/smart card (IC) 55 fitted to host transceiver 50. 

IC 55 is in addition to the usual ESN integrated circuit microchip/smart card 56 
fitted to host transceiver 50. IC 55 is adapted to store 500 sets of secondary 
codes 55a, The set of secondary codes 55a is transferred to IC 55 via PC 57 
belonging to or being under control of the owner or operator of telephone 
exchange 52. PC 57 includes a dedicated IC writer for this purpose. Once IC 55 
is programmed, it is sent to a local branch office of the telephone service operator 
or his agent for installation to a new subscriber's transceiver or for replacement of 
a defunct IC, i.e. an IC which has exhausted all of its secondary codes. 

A set of 500 secondary codes identical to the set 55a stored in IC 55 is sent from 
PC 57 to storage module 58 associated with telephone exchange 52. The set of 
codes may optionally be sent to code replacement module 59 where they may be 
held temporarily pending transfer to storage module 58. 

When host transceiver 50 places an outgoing call it transmits its ESN which is 
picked up by transceiver station 53 and relayed to telephone exchange 52. The 
transmitted ESN is then compared to the matching ESN in the data bank of 
telephone exchange 52. When a match is established the ESN is recognized by 
telephone exchange 52 as legitimate and the call is authorized passage to the 
next stage. 

According to the present invention telephone exchange 52 sends a request A to 
host transceiver 50 via transceiver station 53 for the first unused code from the 
set of 500 codes 55a stored in IC 55. Telephone exchange 52 also sends a 
request B for the first unused code from the identical set of 500 codes stored in 
storage module 58 under an address specific to host transceiver 50. In practice 
the storage address may be associated with the unique ESN assigned to host 
transceiver 50. 

Host transceiver 50 sends a reply C including the first unused code stored in IC 
55 to telephone exchange 52 and storage module 58 sends reply D to telephone 
exchange 52 including the first unused code stored under the address which 
corresponds to host transceiver 50. When telephone exchange 52 identifies a 
match between the codes included in replies C and D, it interprets this as a 
successful verification of the identity of host transceiver 50 and allows the 
telephone number of the recipient transceiver 51 sent by host transceiver 50, to 
be transmitted to transceiver station 54 and relayed to recipient transceiver 51. 

Even if the first set of codes is not immediately deleted after use for any reason, 
the verification software should be programmed so that it avoids reusing a 
previously used code. When the subscriber next places an outgoing call, 
telephone exchange 52 sends a request for the second unused code. This 
process continues until all 500 secondary codes have been used up one at a 
time. IC 55 will then be defunct as it has no more verification codes available and 
must be replenished/replaced. 

When all 500 codes have been used up (in practice this may be a lesser number 
to allow some reserve calls to be made before receiving a replacement for IC 55) 
the telephone exchange can advise the subscriber (eg. by means of a recorded 
message following verification of, say, the 490th call) to contact his local branch 
to have the defunct (or soon to be defunct) IC 55 replaced with a fresh IC. The 
fresh IC may be supplied to the branch office already loaded with a new set of 
500 codes. Each branch office may hold a large number of replacement ICs. To 
maintain security of the allocation process the subscriber may select at random a 
replacement IC from a batch of, say, 1000 replacement ICs. When the 
subscriber selects his/her IC it may be fitted to his transceiver and the telephone 
exchange notified of the choice. The telephone exchange may then associate its 
second copy of the set of codes identical to the chosen replacement IC with the 
subscriber's ESN or other identification number. 
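The exchange of requests A/B and replies C/D described above, including refusal of a previously used code and the replacement advice after the 490th verified call, can be modelled as follows. This is an added example, not part of the specification: the class and function names, the 16-character hexadecimal code format and the ESN value are assumptions made for illustration.

```python
import hmac
import secrets

SET_SIZE = 500    # codes per IC 55, as stated in the text
WARN_AT = 490     # verified-call count at which replacement is advised

def generate_code_set(n=SET_SIZE):
    """Stand-in for PC 57: n distinct random codes (code format is assumed)."""
    codes = set()
    while len(codes) < n:
        codes.add(secrets.token_hex(8))
    return list(codes)

class CodeStore:
    """Ordered code set plus a pointer to the first unused code."""
    def __init__(self, codes):
        self.codes = list(codes)
        self.used = 0

    def first_unused(self):
        return self.codes[self.used] if self.used < len(self.codes) else None

    def mark_used(self):
        self.used += 1   # pointer only moves forward, so no code is reused

class Exchange:
    """Telephone exchange 52 with its ESN data bank and storage module 58."""
    def __init__(self):
        self.storage = {}   # ESN -> CodeStore (storage address tied to the ESN)

    def enroll(self, esn, codes):
        self.storage[esn] = CodeStore(codes)

    def verify(self, esn, reply_c):
        """Return (authorized, note) for one call attempt."""
        store = self.storage.get(esn)
        if store is None:
            return False, "ESN not in data bank"
        reply_d = store.first_unused()          # request B / reply D
        if reply_d is None:
            return False, "code set exhausted"
        if reply_c is None or not hmac.compare_digest(reply_c, reply_d):
            return False, "secondary code mismatch"
        store.mark_used()
        note = "replace IC soon" if store.used >= WARN_AT else "ok"
        return True, note

class Transceiver:
    """Host transceiver 50 holding its ESN and IC 55."""
    def __init__(self, esn, codes):
        self.esn = esn
        self.ic = CodeStore(codes)

    def place_call(self, exchange):
        reply_c = self.ic.first_unused()        # request A / reply C
        ok, note = exchange.verify(self.esn, reply_c)
        if ok:
            self.ic.mark_used()
        return ok, note, reply_c

if __name__ == "__main__":
    codes = generate_code_set()
    exchange = Exchange()
    exchange.enroll("ESN-EXAMPLE-0001", codes)    # constructed ESN
    phone = Transceiver("ESN-EXAMPLE-0001", codes)
    ok, note, captured = phone.place_call(exchange)
    print("first call:", ok, note)
    # The same ESN with the code from the first call is refused.
    print("reused code:", exchange.verify("ESN-EXAMPLE-0001", captured))
```

Because the exchange only ever compares against its own first unused code, a code that has already authorized one call fails on every later attempt, which is the "no two connections with the same access code" property of claim 1.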

IC 55 may be located in an easily accessible position in the associated 
transceiver to enable replacement of defunct ICs. In some embodiments IC 55 
may comprise a smart card. IC 55 also may be integrated with ESN IC 56. 
Typically a transceiver will require modification to accommodate IC 55. This may 
be done by way of a sliding carrier not unlike a smart card. New transceivers may 
be constructed with a built-in slot for receiving IC 55 and/or associated carrier. 

Referring to Fig. 7, there is shown a safe/strong room 60. Safe/strong room 60 
includes a code based door opening apparatus according to the present 
invention. 

The door opening apparatus includes a first code storage means associated with 
a user inaccessible part of the door opening apparatus. The first code storage 
means is adapted for storing a set of secondary codes 61. The first code storage 
means includes a computer diskette 62. The diskette 62 may be adapted to store 
100 sets of secondary codes. The set of secondary codes 62 is loaded to 
diskette 62 via PC 63. 

Once it is loaded with secondary codes 61 diskette 62 is installed to the user 
inaccessible part of the door opening apparatus. 

PC 63 is used to load an identical set of secondary codes 61 to a second diskette 
64. Diskette 64 is in possession of the owner of safe/strong room 60 or other 
authorized person, who is obliged to store diskette 64 in a secure and preferably 
locked or otherwise restricted location. When the owner/authorized person 
requires access to safe/strong room 60, diskette 64 serves as an electronic key to 
activate the door opening apparatus and gain access to safe/strong room 60. 

When diskette 64 is inserted into the user accessible part of the door opening 
apparatus associated with safe/strong room 60, the door opening apparatus 
requests the first unused code from the list of 100 codes stored on diskette 62. 
The door opening apparatus also requests the first unused code from the 
identical set of 100 codes stored in diskette 64. When the door opening 
apparatus identifies a match between the codes received from diskette 62 and 
diskette 64 it interprets this as a successful verification of the identity of the 
electronic key and opens the door. 

Finally, it is to be understood that various alterations, modifications and/or 
additions may be introduced into the constructions and arrangements of parts 
previously described without departing from the spirit or ambit of the invention. 

CLAIMS 



1. A system including at least two parts or stations wherein a transaction or 
connection between any two or more of said parts or stations is conducted or 
established by means of an access code, said access code being available to an 
accessed part or station and requiring an identical access code to be provided to 
an accessing part or station at the time of conducting the transaction or 
establishing the connection, wherein said access code is one of a plurality of 
codes provided to said accessed part or station and available to said accessing 
part or station, said access code being selected from said plurality of codes at the 
time of conducting the transaction or establishing the connection such that no two 
transactions are conducted or no two connections are established with the same 
access code. 

2. A system according to claim 1 wherein said selected code is removed from 
said system or is otherwise disabled after it has been used to conduct a 
transaction or establish a connection between said accessed and accessing parts 
or stations. 



3. A system according to claim 1 or 2 wherein said plurality of codes is 
generated by means of a pseudo random generator. 

4. A system according to claim 1 or 2 wherein said plurality of codes is 
generated by means of a software program arranged to produce non-repeating 
sequence of codes. 

5. A system according to any one of the preceding claims wherein each code 
includes a sequence of characters and/or numbers. 

6. A system according to claim 5 wherein said characters and/or numbers 
include Roman numerals, letters of the alphabet, morse codes etc. 

7. A system according to any one of the preceding claims wherein the 
plurality of codes is generated external to said system. 



8. A system according to any one of the preceding claims wherein said 
plurality of codes is at least 100. 

9. A system according to any one of the preceding claims including first code 
storage means associated with said accessing part or station for storing one copy 
of said plurality of codes. 

10. A system according to claim 9 including second code storage means 
associated with said accessed part or station for storing a second copy of said 
plurality of codes identical to said one copy stored in said first storage means. 

11. A system according to claim 9 wherein said first code storage means 
includes one of an ATM transaction card, a smart card, an integrated circuit 
microchip and a computer diskette. 

12. A system according to claim 10 wherein said second code storage means 
is associated with one of a bank computer system, a service provider computer 
system and a telephone exchange. 

13. A system according to any one of claims 1 to 10 wherein at least one said 
part or station includes an ATM terminal. 

14. A system according to any one of claims 1 to 10 wherein at least one said 
part or station includes a PC or computer terminal. 

15. A system according to any one of claims 1 to 10 wherein at least one said 
part or station includes a mobile transceiver. 

16. A system according to any one of claims 1 to 10 wherein at least one said 
part or station is associated with a door opening apparatus. 

17. A method of conducting a transaction or establishing a connection 
between at least two parts or stations by means of an access code, said access 
code being available to an accessed part or station at the time of conducting the 
transaction or establishing the connection and requiring an identical access code 
to be provided to an accessing part or station, said method including the steps of: 

making available a plurality of codes to said accessed and said accessing 
parts or stations; 

selecting, at the time of conducting the transaction or establishing the 
connection, one code from said plurality of codes; and 

using said selected code to conduct the transaction or establish the 
connection such that no two transactions are conducted or no two connections 
are established with the same access code. 

18. A method according to claim 17 wherein said selected code is removed 
from said accessed part or station or is otherwise disabled after it has been used 
to conduct a transaction or establish a connection between said accessed and 
accessing parts or stations. 

19. A method according to claim 17 or 18 wherein said plurality of codes is 
generated by means of a pseudo random generator. 

20. A method according to claim 17 or 18 wherein said plurality of codes is 
generated by means of a software program arranged to produce non-repeating 
sequence of codes. 

21. A method according to any one of claims 17 to 20 wherein each code 
includes a sequence of characters and/or numbers. 

22. A method according to claim 21 wherein said characters and/or numbers 
include Roman numerals, letters of the alphabet, morse codes etc. 

23. A method according to any one of claims 17 to 22 wherein the plurality of 
codes is generated external to said at least two parts or stations. 

24. A method according to any one of claims 17 to 23 wherein said plurality of 
codes is at least 100. 

25. A method according to any one of claims 17 to 24 including providing first 
code storage means associated with said accessing part or station for storing one 
copy of said plurality of codes. 

26. A method according to claim 25 including providing second code storage 
means associated with said accessed part or station for storing a second copy of 
said plurality of codes identical to said one copy stored in said first storage 
means. 

27. A method according to claim 25 wherein said first code storage means 
includes one of an ATM transaction card, a smart card, an integrated circuit 
microchip and a computer diskette. 

28. A method according to claim 26 wherein said second code storage means 
is associated with one of a bank computer system, a service provider computer 
system and a telephone exchange. 

29. A method according to any one of claims 17 to 26 wherein at least one 
said part or station includes an ATM terminal. 

30. A method according to any one of claims 17 to 26 wherein at least one 
said part or station includes a PC or computer terminal. 

31. A method according to any one of claims 17 to 26 wherein at least one 
said part or station includes a mobile transceiver. 

32. A method according to any one of claims 17 to 26 wherein at least one 
said part or station is associated with a door opening apparatus. 

33. A system according to claim 1 substantially as herein described with 
reference to Fig. 1 or Figs. 2A, 2B, 3A, 3B, 3C and 4 or Fig. 5 or Fig. 6 of the 
accompanying drawings. 

34. A method according to claim 17 substantially as herein described with 
reference to Fig. 1 or Figs. 2A, 2B, 3A, 3B, 3C and 4 or Fig. 5 or Fig. 6 of the 
accompanying drawings. 

ABSTRACT 



A system including at least two parts or stations wherein a transaction or 
connection between any two or more of the parts or stations is conducted or 
established by means of an access code, the access code being available to an 
accessed part or station and requiring an identical access code to be provided to 
an accessing part or station at the time of conducting the transaction or 
establishing the connection. The system is characterized in that the access code 
is one of a plurality of codes provided to the accessed part or station and 
available to the accessing part or station. The system is further characterized in 
that the access code is selected from the plurality of codes at the time of 
conducting the transaction or establishing the connection, such that no two 
transactions are conducted or no two connections are established with the same 
access code. 

ATTORNEY DOCKET NO.: TAY-101 

Declaration, Power of Attorney, and Petition 



As a below named inventor, I/we hereby declare that: 

My/Our residence, post office address and citizenship is/are as stated below next to my/our name(s). 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor 
(if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the invention 
entitled: IMPROVEMENTS IN CODE BASED ACCESS SYSTEMS, the specification of which (check one) 

13 is attached hereto; or 

□ was filed on as Application Serial No. and was amended on 

(if applicable); or 

PCT FILED APPLICATION ENTERING NATIONAL STAGE 

□ was described and claimed in International Application No. filed on 

and as amended on (if applicable). 

I/We hereby state that I/we have reviewed and understand the contents of the above identified 
specification, including the claims, as amended by any amendment referred to above, and that it contains a full, clear, 
concise and exact description of the subject matter for which a patent is sought. 

I/we acknowledge the duty to disclose information which is material to the examination of this 
application in accordance with Title 37, Code of Federal Regulations, § 1.56(a). 

Prior Application(s) 

HI (Check if applicable) I/We hereby claim foreign priority benefits under Title 35, United States Code 
§ 119, by checking the box(es) below, any foreign application(s) for patent or inventor's certificate, or PCT International 
application having a filing date before that of the application on which priority is claimed: 



Priority 



Prior Foreign Application(s) 

Claimed 

PI9800664 Malaysia 17 February 1998 [IT] | 

(Number) (Country) Day/month/year filed Yes No 



(Number) (Country) Day/month/year filed Yes No 

□ (Check if applicable) I/We hereby claim the benefit under Title 35, United States Code, § 119(e) of 
any United States provisional application(s) listed below: 

Prior Provisional Application(s) 

(Application Number) (Filing Date) 



(Application Number) 



(Filing Date) 



(Note: When the nonprovisional application is entitled to an earlier U.S. effective filing date of one or more provisional 
applications under Title 35, United States Code § 119(e), a statement such as "This application claims the benefit of U.S. 

Provisional Application No. 3 filed } and U.S. Provisional Application No. 

3 filed should appear as the first sentence of the description. In view of this requirement, 

the right to rely on a prior application may be waived or refused by an applicant by refraining from inserting a reference to 
the prior application in the specification of the later one.) 



□ (Check if applicable) I/We hereby claim the benefit under Title 35, United States Code, § 120 of any 
United States application(s) listed below and, insofar as the subject matter of each of the claims of this application is not 
disclosed in the prior United States application in the manner provided by the first paragraph of Title 35, United States 
Code, § 112, I/we acknowledge the duty to disclose material information as defined in Title 37, Code of Federal 
Regulations, § 1.56(a) which occurred between the filing date of the prior application and the national or PCT international 
filing date of this application: 

Prior U.S. Application(s) 



(Application Serial No.) (Filing Date) Status (Patented, pending, abandoned) 

(Application Serial No.) (Filing Date) Status (Patented, pending, abandoned) 

□ (Check if applicable) I/We hereby authorize the U.S. attorneys or agents named herein to accept and 

follow instructions from as to any action to be taken in the Patent 

and Trademark Office regarding this application without direct communication between the U.S. attorneys or agents named 
herein and myself/ourselves. In the event of a change, I/we will notify in writing the U.S. attorney or agent named herein. 

□ (Check if applicable) In this continuation-in-part application, insofar as the subject matter of any of 
the claims of this application is not disclosed in the prior United States application in the manner provided by the first 
paragraph of Title 35, United States Code, Section 112, I acknowledge the duty to disclose material information as defined 
in Title 37, Code of Federal Regulations, Section 1.56(a) which occurred between the filing date of the prior application 
and the national or PCT international filing date of this application. 

I/We hereby declare that all statements made herein of my/our own knowledge are true and that all 
statements made on information and belief are believed to be true; and further that these statements were made with the 
knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 
1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the 
application or any patent issued thereon. 

I/we hereby appoint the attorneys whose names are associated with United States Patent and Trademark 
Office Customer Number 21832: 







Barry Kramer, Reg. No. 20,622 
Neil G. Cohen, Reg. No. 35,100 
Mark Giarrantana, Reg. No. 32,615 
Joseph Kentoffio, Reg. No. 33,189 
James W. Jakobsen, Reg. No. 38,505 
Victoria M. Malia, Reg. No. 39,359 



Jeffrey J. Miller, Reg. No. 39,773 
Steven J. Moore, Reg. No. 35,959 
Basem E. Nabulsi, Reg. No. 31,645 
R. Thomas Payne, Reg. No. 30,674 
Scott D. Wofsy, Reg. No. 35,413 
of the firm of CUMMINGS & LOCKWOOD, whose address is Four Stamford Plaza, P.O. Box 120, Stamford, Connecticut 
06904-0120, as my/our attorneys with full power of substitution and revocation, to prosecute this application and to 
transact all business in the Patent and Trademark Office connected therewith. 

Please address all written correspondence to the address associated with United States Patent and 
Trademark Customer Number 21832: 

CUMMINGS & LOCKWOOD 

Granite Square 

700 State Street 

P.O. Box 196020 

New Haven, CT 06509-1960 

Fax (203) 351-4535 

Telephone Calls should be directed to Scott D. Wofsy, by dialing (203) 351-4289. 

Wherefore I/we pray that Letters Patent be granted to me/us for the invention or discovery described and 
claimed in the foregoing specification and claims, and I/we hereby subscribe my name to the foregoing specification and 
claims, declaration, power of attorney, and this petition. 

Full name of first inventor: 

Residence: 



Citizenship: 

Post Office Address: 



Inventor's signature 

Full name of second inventor: 

Residence: 

Citizenship: 

Post Office Address: 



Inventor's signature 